PT-2026-29829 · Praisonai · Praisonai

Yerang30 · Published 2026-04-01 · Updated 2026-04-06 · CVE-2026-34953

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: PraisonAI (affected versions not specified)

Description: A flaw exists in the token validation process, where the OAuthManager.validate_token() function incorrectly returns True for any token not found in its internal store. This store is empty by default, allowing any HTTP request with an arbitrary Bearer token to be treated as authenticated, granting full access to all registered tools and agent capabilities. The vulnerable code is located in oauth.py at lines 364, 374, and 381. An attacker with network access to the MCP HTTP server can call all registered tools, including agent execution, workflow runs, container file read/write, and skill loading. The server binds to 0.0.0.0 by default, requiring no API key.

Recommendations: Modify the validate_token() function to explicitly reject unknown tokens by returning False if the token is not found in the internal store.
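The bug class described above is a fail-open authorization check: the lookup of a token in a store that is empty by default returns "not found", and the code treats "not found" as "valid". The following is an added example, not PraisonAI's code or its OAuthManager API: a hypothetical in-memory TokenStore with the vulnerable validator (unknown token accepted) beside the corrected one (unknown token rejected), plus a small Authorization-header parser so the effect of an arbitrary Bearer value can be seen end to end. All class, function and token names are constructed for illustration.

```python
"""Fail-open vs fail-closed bearer-token validation (constructed example).

Not PraisonAI's code: TokenStore, TokenRecord and the two validators below are
hypothetical, written to illustrate the advisory's bug class and its fix.
"""
import hashlib
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class TokenRecord:
    client_id: str
    expires_at: float        # unix timestamp
    revoked: bool = False


@dataclass
class TokenStore:
    """Hypothetical in-memory bearer-token store; empty unless tokens are issued,
    mirroring the advisory's 'empty by default' internal store."""
    _records: Dict[str, TokenRecord] = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        # Index by SHA-256 so the store never holds raw credentials.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, token: str, client_id: str, ttl_seconds: float, now: float) -> None:
        self._records[self._key(token)] = TokenRecord(client_id, now + ttl_seconds)

    def revoke(self, token: str) -> None:
        rec = self._records.get(self._key(token))
        if rec is not None:
            rec.revoked = True

    def get(self, token: str) -> Optional[TokenRecord]:
        return self._records.get(self._key(token))


Validator = Callable[[TokenStore, str, float], bool]


def validate_token_fail_open(store: TokenStore, token: str, now: float) -> bool:
    """Vulnerable pattern: known tokens are checked for revocation and expiry,
    but a token the store has never seen is accepted. With an empty store this
    turns every Bearer value into a valid credential."""
    rec = store.get(token)
    if rec is None:
        return True              # BUG: fail open on an unknown token
    return not rec.revoked and rec.expires_at > now


def validate_token_fail_closed(store: TokenStore, token: str, now: float) -> bool:
    """Corrected pattern: absence from the store is a rejection."""
    rec = store.get(token)
    if rec is None:
        return False             # unknown token -> not authenticated
    return not rec.revoked and rec.expires_at > now


def authenticate_request(headers: Dict[str, str], store: TokenStore,
                         validator: Validator, now: Optional[float] = None) -> bool:
    """Pull the Bearer token out of an HTTP Authorization header and validate it.
    A missing or malformed header is rejected regardless of validator."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return False
    return validator(store, token, now)


def demo() -> Dict[str, bool]:
    """Exercise both validators with constructed requests against an empty store
    and a store holding one issued token."""
    now = 1_700_000_000.0
    arbitrary = {"Authorization": "Bearer not-a-real-token"}   # constructed
    empty = TokenStore()

    issued = TokenStore()
    issued.issue("tok-constructed-1", client_id="agent-ui", ttl_seconds=3600, now=now)
    real = {"Authorization": "Bearer tok-constructed-1"}        # constructed

    return {
        "open_empty_arbitrary": authenticate_request(arbitrary, empty, validate_token_fail_open, now),
        "closed_empty_arbitrary": authenticate_request(arbitrary, empty, validate_token_fail_closed, now),
        "open_issued_arbitrary": authenticate_request(arbitrary, issued, validate_token_fail_open, now),
        "closed_issued_arbitrary": authenticate_request(arbitrary, issued, validate_token_fail_closed, now),
        "closed_issued_real": authenticate_request(real, issued, validate_token_fail_closed, now),
        "closed_issued_expired": authenticate_request(real, issued, validate_token_fail_closed, now + 7200),
        "closed_no_header": authenticate_request({}, issued, validate_token_fail_closed, now),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} authenticated={ok}")
```

The only difference between the two validators is the value returned on the `rec is None` branch; the fail-open version passes every other check in the function and still lets any caller through, which is why a unit test against an empty store with a random token (expected: rejected) is the cheapest regression check for this class of bug.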

Exploit

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers: CVE-2026-34953, GHSA-98F9-FQG5-HVQ5

Affected Products: Praisonai